Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,303 questions
Clarification on Limitations of Customer-Managed Key Encryption for VM Image Versions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 52%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
toddhammer
0
Reputation points Microsoft Employee
The following article lists the limitation:
- VM image version source doesn't currently support customer-managed key encryption.
https://learn.microsoft.com/en-us/azure/virtual-machines/image-version-encryption?source=docs
However, the article title is "Create an encrypted image version with customer-managed keys."
What is a clearer explanation for this limitation? There seems to be a misunderstanding, and any additional insights would be appreciated.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 3%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Mahesh Goud Juvvadi 1,840 Reputation points Microsoft Vendor2025-01-30T07:26:32.95+00:00 Hi toddhammer,
Thank you for reaching out to the Microsoft Q&A platform.
Customer-Managed Keys (CMK): These are encryption keys that you create, own, and manage. You have full control over these keys, including their creation, rotation, and deletion.
Limitation
Customer-Managed Keys Not Supported When you create or manage versions of VM images, you cannot use your own customer-managed keys to encrypt these images. This means you don't have the option to apply your own encryption keys to secure these image versions.
Platform-Managed Keys Used: Instead, Azure automatically uses its own platform-managed keys to encrypt these VM image versions. Azure takes care of the encryption process without requiring any input or management from you.
When you create or manage versions of virtual machine (VM) images in Azure, you can't use your own encryption keys to secure these images. Instead, Azure automatically uses its own keys to handle the encryption. This means Azure takes care of the encryption process for you, but you don't have the option to apply your own keys to these image versions."
I hope this helps!
If it was helpful, please click "Upvote" on this post to let us know.
Thank You.
-
Mahesh Goud Juvvadi 1,840 Reputation points Microsoft Vendor
2025-01-31T06:00:17.6966667+00:00 Hello toddhammer,
Just checking in to see if you have got a chance to see my response to your question in resolving the issue.
If it was helpful, please click "Upvote" on this post to let us know.
Thank You.
Sign in to comment
Sign in to answer